Title:
CISSP
Author:
Andress, Mandy.
Personal Author:
Publication Information:
Scottsdale, Ariz. : Coriolis, [2001]

©2001
Physical Description:
xxviii, 265 pages : illustrations ; 23 cm.
General Note:
Includes index.
Language:
English
ISBN:
9781588800299
Format:
Book

Availability:

Library:
Central Library
Call Number:
QA76.3 .A53 2001
Material Type:
Adult Non-Fiction
Home Location:
Central Closed Stacks
Summary

The CISSP Exam Cram is a study guide for the rapidly growing number of professionals seeking to pass the CISSP certification exam. Clear, concise, and highly focused content lays out the core domains covered on the exam, such as Access Control, Computer Operations Security, Cryptography, Application Program Security, Communications Security, and Systems and Physical Security. Candidates gain an advantage during the test from the book's tear-out cram sheets and memory joggers, sections on proven test-taking strategies, warnings about trick questions, and time-saving study tips.


Table of Contents

Introduction p. xxi
Self-Assessment p. xxv
Chapter 1 The CISSP Certification Exam p. 1
Assessing Exam-Readiness p. 2
The Exam Situation p. 2
Multiple-Choice Question Format p. 3
Exam Strategy p. 4
Question-Handling Strategies p. 5
Mastering the Inner Game p. 5
Additional Resources p. 6
Chapter 2 Access Control Systems and Methodology p. 7
Accountability p. 8
Access Control Techniques p. 8
Discretionary Access Control (DAC) p. 8
Mandatory Access Control (MAC) p. 9
Lattice-Based Access Control p. 9
Rule-Based Access Control p. 9
Role-Based Access Control p. 9
Access Control Lists p. 9
Access Control Administration p. 10
Account Administration p. 10
Account, Log, and Journal Monitoring p. 10
Access Rights and Permissions p. 10
File and Data Owners p. 10
Principle of Least Privilege p. 10
Separation of Duties and Responsibilities p. 11
Access Control Models p. 11
Bell-LaPadula p. 11
Biba p. 12
Clark-Wilson p. 12
Non-Interference Model p. 13
Identification and Authentication Techniques p. 13
Knowledge-Based Authentication p. 13
Characteristic-Based Authentication p. 13
Tokens p. 14
Tickets p. 14
Access Control Methodologies and Implementation p. 14
Centralized Access Controls p. 15
Decentralized Access Control p. 15
Methods of Attack p. 16
Brute Force Attack p. 16
Denial of Service (DoS) Attack p. 16
Dictionary Attack p. 17
Spoofing Attack p. 17
Man-in-the-Middle Attack p. 17
Spamming p. 17
Sniffers p. 17
Crackers p. 18
Monitoring p. 18
Intrusion Detection Systems (IDS) p. 18
Categories of Intrusion Analysis p. 18
Practice Questions p. 21
Need to Know More? p. 26
Chapter 3 Telecommunications and Network Security p. 27
Open Systems Interconnection (OSI) Layers and Characteristics p. 28
Physical p. 28
Data Link p. 28
Network p. 28
Transport p. 29
Session p. 29
Presentation p. 29
Application p. 29
Physical Media Characteristics p. 29
Unshielded Twisted Pair (UTP) p. 29
Shielded Twisted Pair (STP) p. 30
Coaxial Cable p. 30
Fiber Optic Cable p. 31
Network Topologies p. 32
Star Topology p. 32
Bus Topology p. 33
Ring Topology p. 34
IPSec p. 35
Authentication Header (AH) p. 35
Encapsulating Security Payload (ESP) p. 35
Key Exchange p. 35
Modes p. 35
Transmission Control Protocol/Internet Protocol (TCP/IP) p. 36
IP p. 36
TCP p. 37
Local Area Network (LAN) p. 37
Wide Area Network (WAN) p. 37
Virtual Private Network (VPN) p. 38
Secure Remote Procedure Call (RPC) p. 38
Remote Authentication Dial-In User System (RADIUS) p. 39
Network Monitors and Packet Sniffers p. 39
Network Monitor p. 39
Packet Sniffer p. 39
Firewalls p. 39
Packet Filtering p. 40
Circuit Gateways p. 40
Application Proxies p. 40
Firewall Architectures p. 40
Router Architecture p. 40
Stateful Packet Filters Architecture p. 41
Application Gateways Architecture p. 41
Repeated/Switched/Routed Networks p. 42
Repeated Networks p. 42
Switched Networks p. 42
Routed Networks p. 42
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) p. 43
Secure Electronic Transactions (SET) p. 43
Privacy-Enhanced Mail (PEM) p. 44
Originator Authentication p. 44
Message Confidentiality p. 45
Data Integrity p. 45
Challenge-Handshake Authentication Protocol (CHAP) p. 46
Password Authentication Protocol (PAP) p. 46
Serial Line Internet Protocol (SLIP) p. 46
Point-to-Point Protocol (PPP) p. 47
High-Level Data Link Control (HDLC) p. 47
Frame Relay p. 48
Synchronous Data Link Control (SDLC) p. 49
Integrated Services Digital Network p. 50
X.25 p. 50
Tunneling p. 50
Network Address Translation (NAT) p. 51
Transparency p. 51
Hash Function p. 51
Fax Security p. 52
Address Resolution Protocol (ARP) p. 52
Flooding p. 53
PBX Fraud and Abuse p. 53
Practice Questions p. 54
Need to Know More? p. 59
Chapter 4 Security Management Practices p. 61
Security Management Concepts and Principles p. 62
Availability p. 62
Integrity p. 62
Confidentiality p. 62
Security Services and Mechanisms p. 63
Security Services p. 63
Security Mechanisms p. 64
Specific vs. Pervasive Mechanisms p. 65
Protection Mechanisms p. 65
Layering p. 65
Data Abstraction p. 66
Change Control and Management p. 66
Information/Data p. 66
Employment Policies and Practices p. 67
Hiring Practices p. 68
Employee Relationships p. 69
Operations p. 69
Policies, Standards, Guidelines, and Procedures p. 70
Risk Management p. 70
Cost-Benefit Analysis p. 70
Risk Safeguards p. 71
Roles and Responsibilities p. 71
Practice Questions p. 72
Need to Know More? p. 77
Chapter 5 Applications and Systems Development Security p. 79
Distributed Environment p. 80
Agents p. 81
Applets p. 81
Objects p. 82
Local/Nondistributed Environment p. 83
Viruses p. 83
Trojan Horses p. 84
Logic Bombs p. 84
Worms p. 84
Databases and Data Warehousing p. 85
Aggregation p. 85
Data Mining p. 86
Inference p. 86
Polyinstantiation p. 86
Multilevel Security p. 87
Knowledge-Based Systems p. 89
Expert Systems p. 89
Neural Networks p. 90
System Development Life Cycle (SDLC) p. 90
Investigation p. 91
Analysis and General Design p. 91
Implementation p. 92
Installation p. 92
Review p. 92
Practice Questions p. 93
Need to Know More? p. 98
Chapter 6 Cryptography p. 99
Encryption Techniques and Technologies p. 100
Rounds, Parallelization, and Strong Encryption p. 100
Symmetric (Private Key) Encryption p. 101
Symmetric Algorithms p. 101
Asymmetric Key Encryption p. 104
Asymmetric Algorithms p. 104
Hash Encryption p. 106
Hash Algorithms p. 107
Digital Signatures (DSs) p. 107
Digital Certificates p. 109
Using Encryption Processes p. 110
Email p. 110
Web Server Encryption p. 111
Secure Network Protocols p. 114
Details of IPSec p. 118
Internet Key Management Protocol p. 120
Public Key Infrastructure (PKI) p. 121
Cryptography Attacks p. 122
Practice Questions p. 124
Need to Know More? p. 128
Chapter 7 Security Architecture and Models p. 129
Principles of Common Computer and Network Organizations, Architectures, and Designs p. 130
Addressing p. 130
Hardware, Firmware, and Software p. 131
Machine Types p. 131
OSI Model p. 131
Operating States p. 133
Resource Manager p. 133
Storage Types p. 133
Principles of Common Security Models, Architectures, and Evaluation Criteria p. 134
Accreditation and Certification p. 134
Closed and Open Systems p. 134
Confinement, Bounds, and Isolation p. 134
IETF Security Architecture (IPSec) p. 134
ITSEC Classes and Required Assurance Functionality p. 134
Objects and Subjects p. 135
Reference Monitors and Kernels p. 135
Security Models p. 136
TCSEC Classes p. 137
Common Flaws and Security Issues Associated with System Architectures and Designs p. 138
Channel Issues p. 138
Initialization and Failure States p. 138
Input and Parameter Checking p. 139
Maintenance Hooks and Privileged Programs p. 139
Programming (Techniques, Compilers, APIs, and Library Issues) p. 139
Electromagnetic Radiation p. 139
Practice Questions p. 141
Need to Know More? p. 145
Chapter 8 Operations Security p. 147
Administrative Management p. 148
Operations Concepts p. 148
Control Types p. 149
Operations Controls p. 149
Resource Protection p. 150
Auditing p. 150
Security Maintenance and Monitoring p. 152
Penetration Testing p. 152
Practice Questions p. 155
Need to Know More? p. 159
Chapter 9 Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) p. 161
Risk Evaluation p. 162
Business Continuity Planning (BCP) p. 162
Planning p. 163
Documentation p. 164
Backup Locations p. 165
Alternatives for Backup Equipment p. 166
Practice Questions p. 168
Need to Know More? p. 173
Chapter 10 Law, Investigation, and Ethics p. 175
Understanding Intellectual Property p. 176
Patents, Trademarks, Copyrights, and Trade Secrets p. 176
Computer-Relevant Laws p. 177
Computer Fraud and Abuse Act of 1986 (Amended 1996) p. 178
Computer Security Act of 1987 p. 179
Federal Privacy Act of 1974 p. 179
Electronic Communications Privacy Act of 1986 p. 181
Major Categories and Types of Laws p. 182
Differences in International Computer Crime-Related Laws p. 182
Evidence Handling p. 182
Evidence Life Cycle p. 183
Conducting Computer Crime Investigations p. 185
Types of Surveillance p. 185
Entrapment and Enticement p. 185
Search and Seizure Rules and Procedures p. 185
Federal Interest Computer p. 186
Due Care p. 186
Hearsay p. 187
Major Categories of Computer Crime p. 187
Military and Intelligence Attacks p. 187
Business Attacks p. 187
Financial Attacks p. 187
Terrorist Attacks p. 188
Grudge Attacks p. 188
"Fun" Attacks p. 188
Code of Ethics p. 188
RFC 1087 Ethics and the Internet p. 188
Internet Activities Board (IAB) Statement of Policy p. 189
International Information Systems Security Certifications Consortium (ISC2) Code of Ethics p. 190
Practice Questions p. 193
Need to Know More? p. 198
Chapter 11 Physical Security p. 199
Physical Security Threats p. 200
Elements of Physical Security Controls p. 201
Facility Management and Planning Requirements for IT/IS p. 202
Floor Slab p. 202
Raised Flooring p. 202
Walls p. 202
Ceiling p. 202
Windows p. 202
Doors p. 202
Other p. 203
Air Conditioning (AC) p. 203
Pertinent Personnel Access Controls p. 203
Determining Site Location p. 206
Designing Strong Physical Security p. 207
Protecting the Building and Equipment p. 207
Protecting Wiring p. 209
Securing Storage Areas p. 209
Dealing with Existing Facilities p. 209
Protecting External Services p. 209
Surveillance Devices p. 209
Fire Detectors p. 210
Motion Detectors p. 211
Control p. 211
Physical Security Checklist p. 212
Create a Secure Environment: Building and Room Construction p. 212
Guard Equipment p. 213
Rebuff Theft p. 213
Attend to Portable Equipment and Computers p. 214
Regulate Power Supplies p. 214
Protect Output p. 214
Practice Questions p. 215
Need to Know More? p. 219
Chapter 12 Sample Test p. 221
Chapter 13 Answer Key p. 235
Glossary p. 247
